U.S. Application No. 09/659,781 

Amendment to the Claims:

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 



Listing of Claims:

1. (currently amended) A method for ordering, authorizing, and delivering
goods and services using a mobile station, comprising:

accessing a gateway by the mobile station and transmitting an identification 
code for mobile station to the gateway; 

verifying the identity of the mobile station by the gateway by accessing an
authentication center of a cellular network and comparing mobile station generated
variables computed by the mobile station with gateway generated variables
computed by the gateway;

verifying the legitimacy of the gateway by the mobile station by comparing the
variables computed by the gateway with the variables computed by the mobile
station;

requesting a digital certificate by the mobile station from the gateway used to
order and authorize a product or service from a service provider; 

delivering a digital certificate to the mobile station by the gateway when the 
identity of the mobile station have been verified; and 

requesting a product or service from the service provider; and

transmitting a digital signature by the mobile station accompanied by the
digital certificate for a signature verification key as authorization to said service 
provider. 

2. (currently amended) The method recited in claim 1, wherein the verifying
the legitimacy of the gateway by the mobile station by comparing the variables 
computed by the gateway with the variables computed by the mobile station, further 
comprises: 

transmitting from the mobile station to the gateway a session identification
and a mobile subscriber identifier;

transmitting the mobile subscriber identifier from the gateway to
the authentication center;

transmitting from the authentication center to the gateway a random number 
(RAND), a signed response (SRES), and an encryption key; 

computing a variable M1 by the gateway and transmitting the variable M1 and
the random number to the mobile station;

computing a variable M1' by the mobile station; and

verifying the legitimacy of the gateway when the variable M1 equals the
variable M1'.

3. (original) The method recited in claim 2, wherein the integrity key (K) is 
computed by both the mobile station and the authentication center as a function of 
RAND and Ki, where RAND is a random number issued by the authentication center,
and Ki is a secret key contained within the authentication center and the mobile 
station. 

4. (currently amended) The method recited in claim 3, where an integrity key 
(IKK) is transmitted by the authentication center to the gateway. 

5. (original) The method recited in claim 1, further comprising:

computing a digital certificate by the gateway certifying the mobile station's
public key (PK);

computing a variable M3 by the gateway and transmitting the variable M3 and 
the digital certificate to the mobile station; 

computing a variable M3' by the mobile station; 

verifying the legitimacy of the gateway when the variable M3 equals the
variable M3'.

6. (original) The method recited in claim 5, wherein the variables M3 and M3' 
are computed using the formula M3 = M3' = MAC (K, C), where MAC is a message 
authentication code function, K is an integrity key and C is the digital certificate 
created by the gateway to certify PK. 

7. (currently amended) The method recited in claim 1, wherein verifying the 
identity of the mobile station by the gateway accessing an authentication center and
comparing variables computed by the mobile station and variables computed by the 
gateway, further comprises: 

transmitting in at least one message a signed response, a public key and a 
variable M2 computed by the mobile station to the gateway; 

computing a variable M2' by the gateway; 

comparing the variable M2 and the variable M2'; and 

verifying the identity of the mobile station when variable M2 is equal to
variable M2'.

8. (original) The method recited in claim 7, wherein variables M2 and M2' are 
computed using the formula M2 = M2' = MAC (K, {SRES}, PK, [{restrictions}], 
[alias]), wherein MAC is a message authentication code function, SRES is a signed 
response, K is an integrity key, PK is a public key, restrictions are limits on the 
certificate and alias is an alternate identification for the mobile station. 
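
Added illustration, not part of the application: a sketch of the M2 check of claims 7 and 8 and the M3 check of claims 5 and 6. HMAC-SHA-256 as the MAC function, the placeholder derivation of K from RAND and Ki (claim 3), the length-prefixed field encoding, the toy certificate format and all sample values are assumptions.

```python
import hashlib
import hmac
import struct

def encode_fields(*fields: bytes) -> bytes:
    """Length-prefix each field so that shifting bytes between adjacent
    fields (or between the optional ones) changes the MAC input."""
    return b"".join(struct.pack(">I", len(f)) + f for f in fields)

def mac(k: bytes, *fields: bytes) -> bytes:
    # Assumption: HMAC-SHA-256 stands in for the unspecified MAC function.
    return hmac.new(k, encode_fields(*fields), hashlib.sha256).digest()

def derive_k(ki: bytes, rand: bytes) -> bytes:
    # Assumption: claim 3 only states K = f(RAND, Ki); this f is a placeholder.
    return hmac.new(ki, b"integrity" + rand, hashlib.sha256).digest()

def compute_m2(k, sres, pk, restrictions=b"", alias=b""):
    # Claim 8: M2 = MAC(K, {SRES}, PK, [{restrictions}], [alias])
    return mac(k, sres, pk, restrictions, alias)

def gateway_issue(k, sres_expected, pk, restrictions, alias, m2_received):
    """Gateway side: recompute M2' and issue (C, M3) only when M2 == M2'."""
    m2_prime = compute_m2(k, sres_expected, pk, restrictions, alias)
    if not hmac.compare_digest(m2_received, m2_prime):  # constant-time compare
        return None
    cert = encode_fields(b"cert", pk, restrictions, alias)  # toy certificate C
    return cert, mac(k, cert)  # claim 6: M3 = MAC(K, C)

def mobile_accept(k, cert, m3_received):
    """Mobile side: compute M3' over the received C and compare with M3."""
    return hmac.compare_digest(m3_received, mac(k, cert))

# Constructed sample values (not real keys or network data).
KI = bytes(range(16))
RAND = bytes(range(16, 32))
SRES = b"\x01\x02\x03\x04"
PK = b"constructed-public-key"

if __name__ == "__main__":
    k = derive_k(KI, RAND)
    m2 = compute_m2(k, SRES, PK, b"max=50EUR", b"alice")
    cert, m3 = gateway_issue(k, SRES, PK, b"max=50EUR", b"alice", m2)
    print("mobile accepts certificate:", mobile_accept(k, cert, m3))
    # A request whose restrictions differ from those MACed is refused.
    print(gateway_issue(k, SRES, PK, b"max=5000EUR", b"alice", m2))
```
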

9. (currently amended) The method recited in claim 1, wherein transmitting
the digital signature, accompanied by the digital certificate for the signature 
verification key to said service provider, further comprises: 

transmitting the certificate with a request for a product or service;

receiving an invoice from the service provider indicating a price for the
product or service;

computing a digital signature on the invoice;

approving the invoice by transmitting the digital signature to the service
provider; and

accepting delivery of the product or service by a buyer. 

10. (currently amended) The method recited in claim 9, wherein the
service provider upon transmission of the digital signature, further comprises:

verifying the digital signature; 

verifying that restrictions associated with the digital certificate are not violated;
and

creating an accounting record for the product or service sold. 

11. (currently amended) The method recited in claim 10, further comprising:

transmitting from the service provider to the gateway the accounting
record having an invoice and digital signature of a customer of a home network
operator service;

determining by the gateway that a corresponding record exists in a local 
database and the validity of the digital signature; 

determining whether the invoice violates any restrictions contained in the 
corresponding record; 

crediting the service provider with an amount equal to that in the
invoice; and

billing the buyer with the amount of the invoice.

12. (original) The method recited in claim 1, further comprising:

verifying the legitimacy of the gateway by the mobile station by comparing the 
variables computed by the gateway with the variables computed by the mobile 
station. 

13. (currently amended) The method recited in claim 11, wherein delivering a
digital certificate to the mobile station by the gateway when the identity of the mobile
station and the gateway have been verified, further comprises: 

requesting a digital certificate by the mobile station from the gateway used to
order and authorize a product or service from the service provider.

14. (currently amended) A system for ordering, authorizing and delivering 
goods and services using a mobile station, comprising: 

a cellular network authentication module to verify that the mobile station
is permitted to access a telecom infrastructure; 

a mobile station certificate acquisition module to request a digital certificate for 
the mobile station from a gateway; and 

a gateway certificate generation module to verify that the mobile station is
authorized to receive the digital certificate by transmitting a mobile
subscriber identifier received from the mobile station to an authentication center,
calculate variables based on information received from the authentication center and
compare them to variables computed by the mobile station, and issue the digital
certificate to the mobile station when the variables match.

wherein the mobile station verifies the legitimacy of the gateway by comparing 
the variables calculated by the gateway with the variables computed by the mobile 
station, the mobile station requesting a product or service from a service provider
and transmitting a digital signature accompanied by the digital certificate for a 
signature verification key as authorization to the service provider. 

15. (original) The system recited in claim 14, wherein the mobile station 
certificate acquisition module verifies that the gateway is authorized to issue the 
digital certificate through the use of comparing variables computed by the gateway 
and the mobile station. 

16. (currently amended) The system recited in claim 15, further comprising: 

a purchase module to request the purchase of a good or service from a
service provider, present the digital certificate to the service provider,
receive an invoice and provide the service provider with a digital signature
approving the purchase of the good or service;

a sales module to verify the validity of the digital certificate and the
validity of the digital signature, issue an invoice, generate an accounting record and
deliver a product or service;

a billing module to transmit to the gateway the accounting record and
receive a response indicating if the accounting record has been approved for
payment; and

a gateway billing module to verify the accounting record and an
accompanying signature, and issue a credit to the service provider and debit to
a buyer when the accounting record and the accompanying signature are
verified.

17. (currently amended) The system recited in claim 16, wherein the gateway 
certificate generation module transmits a mobile subscriber identifier
to the authentication center, receives a random number, a signed response and an
encryption key from the authentication center, computes a variable M1, M2' and M3
and verifies the validity of the mobile station by comparing variable M2 received from
the mobile station with variable M2'.

18. (original) The system recited in claim 14, wherein the mobile station 
further comprises: 

a subscriber identification module (SIM) used to compute a signed response 
and a ciphering key based on a secret key, installed by a home network operator 
service in the subscriber identification module upon signing up for a service plan, 
and a random number obtained from an authentication center in the home network 
operator service;

an A3 algorithm module, contained in the SIM, is used to compute the signed
response; and 

an A8 algorithm module, contained in the SIM, is used to compute the 
ciphering key, wherein through the transmission of signed responses to and from the 
mobile station a telecommunication infrastructure is able to verify that the mobile 
station is authorized to access the telecommunication infrastructure and the 
gateway. 

19. (currently amended) A computer program embodied on a computer 
readable medium and executable by a computer for ordering, authorizing and 
delivering goods and services using a mobile station, comprising: 

a cellular network authentication code segment to verify that the mobile
station is permitted to access a telecom infrastructure; 

a mobile station certificate acquisition code segment to request a digital 
certificate for the mobile station from a gateway; and 

a gateway certificate generation code segment to verify that the mobile station 
is authorized to receive the digital certificate by transmitting a
mobile subscriber identifier received from the mobile station to an authentication 
center, calculate variables based on information received from the authentication 
center and compare them to variables computed by the mobile station, and issue the 
digital certificate to the mobile station when the variables match. 

wherein the mobile station verifies the legitimacy of the gateway by comparing 
the variables calculated by the gateway with the variables computed by the mobile
station, the mobile station requesting a product or service from a service provider
and transmitting a digital signature accompanied by the digital certificate for a
signature verification key as authorization to the service provider. 

20. (original) The system recited in claim 19, wherein the mobile station 
certificate acquisition code segment verifies that the gateway is authorized to issue 
the digital certificate through the use of comparing variables computed by the 
gateway and the mobile station. 

21. (currently amended) The computer program recited in claim 19, further
comprising:

a purchase code segment to request the purchase of a good or service
from a service provider, present the digital certificate to the service
provider, receive an invoice and provide the service provider with a digital
signature approving the purchase of the good or service;

a sales code segment to verify the validity of the digital certificate and
the validity of the digital signature, issue an invoice, generate an accounting record
and deliver a product or service;

a billing code segment to transmit to the gateway the accounting record
and receive a response indicating if the accounting record has been approved for
payment; and

a gateway billing code segment to verify the accounting record and an
accompanying signature, and issue a credit to the service provider and debit to
a buyer when the accounting record and the accompanying signature are
verified.

22. (currently amended) The computer program recited in claim 20, wherein 
the mobile station certificate acquisition code segment transmits a session 
identification and a mobile subscriber identifier to the gateway,
receives a random number and a variable M1 from the gateway and verifies that the
gateway is authentic by computing and comparing the variable M1' with M1.

23. (currently amended) The computer program recited in claim 19, wherein 
the gateway certificate generation code segment transmits a mobile
subscriber identifier to the authentication center, receives a random number, a
signed response and an encryption key from the authentication center,
computes a variable M1, M2' and M3 and verifies the validity of the mobile station by
comparing variable M2 received from the mobile station with variable M2'.



24. (new) A system for ordering, authorizing and delivering goods and 
services using a mobile station, comprising: 
a mobile station; 

a gateway, the mobile station accessing the gateway and transmitting an 
identification code for the mobile station to the gateway;

an authentication center, the authentication center being part of a cellular 
network, the gateway verifying the identity of the mobile station by accessing the 
authentication center and comparing mobile station generated variables computed 
by the mobile station with gateway generated variables computed by the gateway, 

wherein the gateway delivers a digital certificate to the mobile station when 
the identity of the mobile station has been verified, the mobile station verifying the 
legitimacy of the gateway by comparing the variables computed by the gateway with 
the variables computed by the mobile station and requesting a digital certificate from 
the gateway to be used to order and authorize a product or service from a service 
provider, the mobile station requesting a product or service from the service provider 
and transmitting a digital signature and the digital certificate for a signature 
verification key as authorization to the service provider. 